package com.itheima.itheima_health.Spring_Security.Config;

import com.itheima.itheima_health.Spring_Security.service.SpringSecurityUserService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
@Slf4j
public class SecurityConfig {
    @Autowired
    private SpringSecurityUserService userDetailsService; // 注入自定义的UserDetailsService
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                // 定义授权请求规则
                .authorizeRequests()
                // 允许所有用户访问登录页面
                .antMatchers("/login").permitAll()
                // 放行 static 中的静态文件
                .antMatchers("/css/**", "/js/**", "/img/**", "/plugins/**", "/wxfonts/**", "/wximg/**").permitAll()
                // 允许所有用户访问注册页面
                .antMatchers("/register").permitAll()
                /*// 允许所有用户访问主页
                .antMatchers("/").permitAll()*/
                // 其他所有请求都需要认证
                .anyRequest().authenticated()
                // 配置登录表单
                .and()
                .formLogin()
                // 设置登录页面的路径
                .loginPage("/login").permitAll() // 允许所有用户访问登录页面
                .defaultSuccessUrl("/pages/main.html", true) // 登录成功后跳转到首页
                // 配置注销功能
                .and()
                .logout()
                // 允许所有用户注销
                .permitAll()
                .logoutSuccessUrl("/login") // 退出成功后跳转到登录页面，并带上退出成功的提示
                .invalidateHttpSession(true) // 清理HttpSession
                .clearAuthentication(true) // 清理SecurityContext中的认证信
                // 配置 HTTP 头
                .and()
                .headers()
                .frameOptions().sameOrigin(); // 允许同源嵌套

        // 配置UserDetailsService
        http.userDetailsService(userDetailsService);

        // 构建并返回 SecurityFilterChain 对象
        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {

        // 配置内存中的用户信息
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withUsername("user")
                .password(passwordEncoder.encode("password")) // 使用加密密码
                .roles("USER")
                .build());
        return manager;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // 使用 BCrypt 加密密码
    }
}